Threat Database Ransomware MoneroPay Ransomware

MoneroPay Ransomware

By GoldSparrow in Ransomware

The MoneroPay Ransomware is an encryption ransomware Trojan that has appeared with various aliases, targeting different cryptocurrencies in their names and branding. This may seem to stem from the increased interest in Bitcoin through the end of 2017. When something is newsworthy, the threat creators will often include it in their new ransomware Trojans as a way to distinguish from one threat to another. The MoneroPay Ransomware may be installed when victims fall for an online tactic that claims to provide victims with the means to mine a fictional cryptocurrency known as 'SpriteCoin.' When the victims download the supposed mining software and wallet, what they do is to install the MoneroPay Ransomware onto their computers. The MoneroPay Ransomware carries out a typical encryption ransomware attack, making the victim's files inaccessible with the help of an encryption algorithm and then demanding the payment of a ransom to provide the means to recover the affected files.

The Hard-to-Break Encryption Used by the MoneroPay Ransomware

The MoneroPay Ransomware demands payment in Monero. The MoneroPay Ransomware uses an open source encryption, typically the AES 256 encryption, to make the victim's files inaccessible. Some of the file types that are commonly affected by a MoneroPay Ransomware attack include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The MoneroPay Ransomware delivers its ransom note in a program window named 'Moneropay,' which alerts the computer user of the attack and demands the payment of a ransom. The MoneroPay Ransomware marks the files encrypted by the attack by adding the file extension '.encrypted' to their names. The following is the entire text of the ransom note that the MoneroPay Ransomware displays on the victim's computer:

'Your files are encrypted
If you close this window, you can always restart and it should appear again.
All your files have been encrypted by us. This means you will be unable to access or use them. In order to retrieve them, you must send 0.3 monero (about $120 USD) to:
[wallet address]
Make sure you include your payment ID: [sixteen random characters]
Use CTRL +C to copy both
IF YOU DO NOT INCLUDE YOUR PAYMENT ID, YOUR FILES CANNOT BE DECRYPTED. Do not waste your time — only we can decrypt your files.
If you have paid, click on the DECRYPT button to return your files to normal. Don't worry, we'll give you your files back if you pay.

The MoneroPay Ransomware's ransom amount is 120 USD at the current exchange rate approximately. However, computer users must refrain from contacting the cybercrooks responsible for the MoneroPay Ransomware attack or paying this ransom. Doing so allows these people to continue developing threats and claiming new victims in these attacks.

Protecting Your Data from Threats Like the MoneroPay Ransomware

The best protection against threats like the MoneroPay Ransomware is to have file backups on other, clean computers or another place unreachable by the threat. If you have backup copies of your files, then you can restore your files easily following a MoneroPay Ransomware infection. The MoneroPay Ransomware infection itself can be removed with the help of a security program that is fully up-to-date.

SpyHunter Detects & Remove MoneroPay Ransomware

File System Details

MoneroPay Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe 14ea53020b4d0cb5acbea0bf2207f3f6 0


Most Viewed